Bay Federal Credit Union
Back to the Blog

Protecting Yourself from Phishing, Smishing, and Spoofing Scams

Posted May 1, 2025

Scams are always evolving, and cybercriminals use emails, text messages, and fake websites to steal personal information. Understanding these tactics is the first step to protecting yourself—and your personal information.

Phishing (Email Scams)

Have you ever received an email that appears to come from a trusted source, like a government official or a friend, but turned out to be fake? This is called a phishing scam, and scammers use them to convince victims to share their personal information or click on fraudulent links.

  • Be suspicious of “urgent” messages, emails with typos, unusual email addresses, and messages with attachments.
  • Instead of clicking on any links, navigate to the website yourself using a URL you know to be legitimate. 
  • Don’t download unexpected attachments. They might install malware on your computer or device, which can then gain access to your personal information.
Smishing (Text Message Scams)

Smishing scams use text messages to steal victim’s personal information. Sometimes, the scammers pretend to represent your financial institution and ask for your personal information to “verify your identity;” other times, they may claim to represent another trusted organization, like the United States Postal Service (USPS) or a streaming service.

  • Legitimate businesses will not ask for sensitive information through text messages. 
  • Watch out for poor grammar, unfamiliar links, or messages from unknown numbers.
  • Don’t reply to urgent requests to verify your account or payment method and avoid clicking on strange links. Never share any one-time passcodes with anyone.
Website Spoofing

Sometimes, scammers duplicate a financial institution’s website and use the login section to steal member’s information. These duplicate sites can be hard to spot, but there are a few tell-tale signs:

  • Official websites that use secure connections to protect your data will include the "s" after the "http" at the start of each URL. 
  • Scam sites will sometimes use URLs that look similar to legitimate ones. For example, they might replace “.net” with “.com.” 
  • Look for obvious signs of a fake, such as fuzzy or pixelated logos and images, broken links, grammatical errors, and frequent typos.
  • Watch out for links received via unsolicited emails or text messages. These could direct you to phishing sites designed to steal your information.
Call Spoofing

Call spoofing is when fraudsters call and pretend to be from a legitimate organization to convince you to share personal information.

  • Scammers can change the name on the caller ID. Even if the name is one you’re familiar with, like the name of your financial institution, it could still be a scam.
  • A “+” before a phone number indicates a country code. The country code for the United States is “+1.” If you see any other number, the call is coming from another country.
  • If you didn’t initiate the call and the caller requests any information or action from you, tell them you will call back. You should then hang up, look up the legitimate phone number for the organization, and ask them if the call was legitimate. 
  • Legitimate organizations won’t ask for sensitive information like your user ID, PIN, or one-time password over the phone. 
  • If you’re pushed to act quickly, it is probably a scam.
  • Sometimes scammers will call several times, establishing trust. Stay alert!

If you think you’ve encountered a scam or accidentally shared your info with a fraudster, report it to your financial institution immediately. If your Bay Federal accounts might be compromised, you can reach us in branch, or over the phone at 831.479.6000 or toll-free at 888.4BAYFED. You’ll also want to monitor your accounts for any unusual activity.

Your safety is important to us, and we want to make sure you have the knowledge and tools to protect yourself from scams. Please take a look at our Fraud Resources page to learn more about recognizing and stopping scam attempts. Remember, if something doesn’t seem right, trust your instincts!

A person talking on the phone

Attention: You are leaving the Bay Federal Credit Union website

You will be redirected to a website outside of the Bay Federal Credit Union website and entering a website hosted by another party. The linked website is not operated by Bay Federal Credit Union. Bay Federal Credit Union is not responsible for the content or availability of the linked website. Bay Federal Credit Union does not represent the operator of the linked website, the member, or any other users if the two enter into a transaction. Privacy and Security Policies of the linked website may differ from those of Bay Federal Credit Union.